VIRY.CZ

ComboFix 10-04-06.04 - Zdenek 07.04.2010 16:21:14.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1023.745 [GMT 2:00]
Spuštěný z: d:\documents and settings\Zdenek.ZDENEK-JG362RMG\Plocha\ComboFix.exe
Použité ovládací přepínače :: d:\documents and settings\Zdenek.ZDENEK-JG362RMG\Plocha\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"d:\documents and settings\Zdenek.ZDENEK-JG362RMG\Nabídka Start\Programy\Po spuštění\syspck32.exe"
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\documents and settings\Zdenek.ZDENEK-JG362RMG\Nabídka Start\Programy\Po spuštění\syspck32.exe

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ffozeks


((((((((((((((((((((((((( Soubory vytvořené od 2010-03-07 do 2010-04-07 )))))))))))))))))))))))))))))))
.

2010-04-07 14:42 . 2010-04-07 14:42 -------- d-sh--w- \RECYCLER
2010-04-07 14:15 . 2010-04-07 14:42 -------- d-----w- \ComboFix
2010-04-07 11:05 . 2010-04-07 14:42 -------- d-----w- \Qoobox
2010-04-01 18:33 . 2010-04-06 13:47 -------- d-----w- d:\program files\Mozilla Thunderbird(2)
2010-03-18 20:30 . 2010-03-18 20:30 -------- d-----w- D:\iTunes_Control
2010-03-18 20:30 . 2010-03-18 20:30 -------- d-----w- \iTunes_Control
2010-03-18 20:07 . 2010-03-19 20:43 -------- d-----w- d:\program files\MediaMonkey
2010-03-13 18:20 . 2010-03-13 18:20 -------- d-----w- d:\documents and settings\Zdenek.ZDENEK-JG362RMG\temp
2010-03-11 20:44 . 2010-03-13 18:20 -------- d-----w- d:\program files\TeamViewer

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-07 14:37 . 2007-09-04 18:25 -------- d-----w- d:\program files\EurotelSMS
2010-04-06 15:39 . 2010-03-03 11:37 -------- d-----w- d:\program files\Trend Micro
2010-04-06 13:45 . 2006-09-06 19:18 -------- d-----w- d:\program files\RivaTuner v2.0 RC 16
2010-04-05 12:11 . 2010-04-05 12:11 5789 ----a-w- D:\huadio.tmp
2010-04-05 12:11 . 2010-04-05 12:11 5789 ----a-w- \huadio.tmp
2010-03-15 18:34 . 2010-02-22 15:07 -------- d-----w- d:\program files\Kooperativa
2010-03-12 14:15 . 2007-09-25 19:11 -------- d-----w- d:\program files\Common Files\Java
2010-03-12 14:15 . 2007-09-25 19:20 -------- d-----w- d:\program files\Java
2010-03-04 22:07 . 2007-08-29 15:11 -------- d-----w- d:\program files\FlashGet
2010-03-04 20:43 . 2010-03-04 20:43 -------- d-----w- d:\program files\Alwil Software
2010-03-04 19:36 . 2010-03-04 19:36 -------- d-----w- d:\program files\VS Revo Group
2010-03-03 21:36 . 2010-02-14 13:03 -------- d-----w- d:\program files\Opera
2010-03-03 20:58 . 2010-03-03 20:58 -------- d-----w- d:\program files\CCleaner
2010-03-03 19:20 . 2010-03-03 12:18 -------- d-----w- d:\program files\Spybot - Search & Destroy
2010-03-02 15:51 . 2009-08-29 19:27 -------- d-----w- d:\program files\MrKrax URL Submitter
2010-02-24 21:07 . 2010-02-24 21:05 -------- d-----w- d:\program files\TVAnts
2010-02-22 15:07 . 2010-02-22 15:07 -------- d-----w- d:\program files\Borland
2010-02-15 18:44 . 2010-02-15 18:44 -------- d-----w- d:\program files\Logitech Touch Mouse Server
2010-02-09 15:35 . 2004-03-27 20:36 -------- d-----w- d:\program files\Zoner
2007-10-10 17:29 . 2007-10-12 15:12 536064 -c--a-w- d:\program files\GIFAnimator.exe
2004-10-01 14:00 . 2009-11-26 11:47 40960 ----a-w- d:\program files\Uninstall_CDS.exe
2010-02-04 18:51 . 2008-10-06 13:14 119808 ----a-w- d:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

------- Sigcheck -------

[-] 2004-08-17 . 4D32D7FFC2F583FE21EF0A4F99EABB12 . 974848 . . [6.00.2900.2180] . . d:\windows\explorer.exe
[-] 2004-08-17 . 4D32D7FFC2F583FE21EF0A4F99EABB12 . 974848 . . [6.00.2900.2180] . . d:\windows\ServicePackFiles\i386\explorer.exe
[-] 2002-09-20 . 11D80755545CFB5EB9659EE88440EAE2 . 1004544 . . [6.00.2800.1106] . . d:\windows\$NtServicePackUninstall$\explorer.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="d:\documents and settings\Zdenek.ZDENEK-JG362RMG\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" [2009-08-06 133104]
"RocketDock"="d:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]
"swg"="d:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-01-01 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MBM 5"="d:\software\Aplikace\Motherboard Monitor 5\MBM5.EXE" [2003-01-08 577536]
"LogonStudio"="d:\software\Aplikace\LogonStudio\logonstudio.exe" [2002-09-03 987187]
"PinnacleDriverCheck"="d:\windows\System32\PSDrvCheck.exe" [2004-03-10 406016]
"HPDJ Taskbar Utility"="d:\windows\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-28 188416]
"SSBkgdUpdate"="d:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 155648]
"OpwareSE4"="d:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"IMJPMIG8.1"="d:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"MSPY2002"="d:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="d:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="d:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"Gainward"="d:\windows\TBPanel.exe" [2007-04-23 2173744]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
"nwiz"="nwiz.exe" [2007-04-19 1626112]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2007-04-19 86016]
"Google Desktop Search"="d:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-02-04 30192]
"AppleSyncNotifier"="d:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2009-09-04 417792]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2009-09-08 305440]
"SweetIM"="d:\program files\SweetIM\Messenger\SweetIM.exe" [2009-10-20 111928]
"NeroFilterCheck"="d:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="d:\windows\System32\CTFMON.EXE" [2004-08-17 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-17 54784]

d:\documents and settings\Zdenek.ZDENEK-JG362RMG\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Logitech Touch Mouse Server.lnk - d:\program files\Logitech Touch Mouse Server\iTouch-Server-Win.exe [2009-10-23 228352]
RocketDock.lnk - d:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-19 630784]

d:\documents and settings\All Users.WINDOWS\Nabˇdka Start\Programy\Po spuçtŘnˇ\
BTTray.lnk - d:\program files\MICROSTAR\Bluetooth Software\BTTray.exe [2003-1-16 360509]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="d:\windows\system32\logonuiX.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-28 17:39 12464 ----a-w- d:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-09-10 22:43 67488 -c--a-w- d:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Sony\\Vegas 6.0\\VegSrv60.exe"=
"d:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\wincmd\\WINCMD32.EXE"=
"d:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Program Files\\Ubisoft\\Crytek\\Far Cry\\Bin32\\FarCry.exe"=
"d:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe"=
"d:\\Program Files\\B!Soft\\RSS Builder\\RSSBuilder.exe"=
"d:\\Program Files\\KompoZer 0.7.10\\kompozer.exe"=
"d:\\Program Files\\ICQ6.5\\ICQ.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Software\\Games\\UT\\UnrealTournament\\System\\UnrealTournament.exe"=
"d:\\Program Files\\iPhone Tunnel Suite\\iTunnel\\iTunnel.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\Ripdev\\JuiceDrop\\JuiceDrop.exe"=
"d:\\Program Files\\Java\\jre6\\launch4j-tmp\\frd.exe"=
"d:\\Program Files\\Opera\\opera.exe"=
"d:\\Program Files\\Logitech Touch Mouse Server\\iTouch-Server-Win.exe"=
"d:\\Program Files\\Kooperativa\\KalkZiv\\Kalk_Ziv.exe"=
"d:\\Program Files\\TVAnts\\Tvants.exe"=
"d:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 isdnlink;isdnlink;d:\windows\system32\drivers\linkisdn.sys [27.4.2004 10:25 610403]
R0 si3112r;Silicon Image SiI 3112 SATARaid Controller;d:\windows\system32\drivers\SI3112r.sys [26.3.2003 18:44 85265]
R0 SiWinAcc;SiWinAcc;d:\windows\system32\drivers\SiWinAcc.sys [26.3.2003 18:44 9600]
R1 aswSP;aswSP;d:\windows\system32\drivers\aswSP.sys [6.4.2010 17:48 162640]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;d:\windows\system32\drivers\avgldx86.sys [28.10.2009 19:39 333192]
R1 AvgTdiX;AVG Free Network Redirector;d:\windows\system32\drivers\avgtdix.sys [28.10.2009 19:39 360584]
R2 Angelnt;Angelnt;d:\windows\system32\drivers\ANGELNT.SYS [9.5.2004 14:24 31936]
R2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [6.4.2010 17:48 19024]
R2 BT848;WinFast TV2000 XP WDM Video Capture;d:\windows\system32\drivers\wf2kvcap.sys [27.4.2004 10:31 81356]
R2 Dev_CBIDDRV;Dev_CBIDDRV;d:\windows\system32\drivers\CBID.SYS [17.10.2004 21:10 2656]
R2 PStrip;PStrip;d:\windows\system32\drivers\PStrip.sys [10.11.2004 0:32 21968]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;d:\windows\system32\drivers\wf2ktunr.sys [27.4.2004 10:31 39182]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;d:\windows\system32\drivers\wf2kXbar.sys [27.4.2004 10:31 9804]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;d:\windows\system32\drivers\SkyNET.sys [27.4.2004 10:15 462212]
R3 wanlink;wanlink;d:\windows\system32\drivers\wanlink.sys [27.4.2004 10:25 47968]
S0 MPRIFL;MPRIFL;d:\windows\system32\DRIVERS\MPRIFL.SYS --> d:\windows\system32\DRIVERS\MPRIFL.SYS [?]
S1 SysTool;SysTool Overclocking Utility;d:\windows\system32\drivers\SysTool.sys [30.12.2005 1:04 24064]
S2 avg9emc;AVG Free E-mail Scanner;"d:\program files\AVG\AVG9\avgemc.exe" --> d:\program files\AVG\AVG9\avgemc.exe [?]
S2 avg9wd;AVG Free WatchDog;"d:\program files\AVG\AVG9\avgwdsvc.exe" --> d:\program files\AVG\AVG9\avgwdsvc.exe [?]
S2 gupdate1c99e7bd27b9410;Google Update Service (gupdate1c99e7bd27b9410);d:\program files\Google\Update\GoogleUpdate.exe [6.3.2009 18:51 133104]
S3 CV2K1;CommView Network Monitor;d:\windows\system32\DRIVERS\cv2k1.sys --> d:\windows\system32\DRIVERS\cv2k1.sys [?]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;d:\program files\Google\Google Desktop Search\GoogleDesktop.exe [6.10.2008 15:14 30192]
S3 Netaapl;Apple Mobile Device Ethernet Service;d:\windows\system32\drivers\netaapl.sys [17.6.2009 9:43 17408]
S3 TVicHW32;TVicHW32;d:\windows\system32\drivers\TVicHW32.sys [17.10.2004 20:57 24656]
S4 sptd;sptd;d:\windows\system32\Drivers\sptd.sys --> d:\windows\system32\Drivers\sptd.sys [?]
.
.
------- Doplňkový sken -------
.
uLocal Page = d:\windows\system32\blank.htm
uStart Page = hxxp://tea-earth.net/
mLocal Page = d:\windows\system32\blank.htm
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &ICQ Toolbar Search - d:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: E&xportovat do aplikace Microsoft Office Excel - d:\software\Aplikace\OFFICE~1\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint - Náhled - d:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Přidat na seznam k tisku - d:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint - Tisk - d:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Vysokorychlostní tisk - d:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Stáhnout pomocí FlashGet - d:\program files\FlashGet\jc_link.htm
IE: Stáhnout vše pomocí FlashGet - d:\program files\FlashGet\jc_all.htm
IE: WikiKomentáře Google... - d:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
DPF: DirectAnimation Java Classes - file://d:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://d:\windows\Java\classes\xmldso.cab
FF - ProfilePath - d:\documents and settings\Zdenek.ZDENEK-JG362RMG\Data aplikací\Mozilla\Firefox\Profiles\tumuhuqj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.yodl.de/href.php?hrefname=FF-splug_google&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - plugin: d:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: d:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\np-mswmp.dll

---- NASTAVENÍ FIREFOXU ----
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
d:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-07 16:42
Windows 5.1.2600 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
d:\windows\System32\smss.exe
d:\windows\system32\csrss.exe
d:\windows\system32\winlogon.exe
d:\windows\system32\services.exe
d:\windows\system32\lsass.exe
d:\windows\system32\svchost.exe
d:\windows\system32\svchost.exe
d:\windows\System32\svchost.exe
d:\windows\System32\svchost.exe
d:\windows\system32\svchost.exe
d:\program files\Alwil Software\Avast5\AvastSvc.exe
d:\windows\system32\spoolsv.exe
d:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
d:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
d:\program files\Bonjour\mDNSResponder.exe
d:\program files\Java\jre6\bin\jqs.exe
d:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
d:\windows\system32\nvsvc32.exe
d:\windows\System32\svchost.exe
d:\windows\system32\wdfmgr.exe
d:\program files\Canon\CAL\CALMAIN.exe
d:\windows\system32\wscntfy.exe
d:\windows\System32\alg.exe
d:\progra~1\MICROS~3\BLUETO~1\BTSTAC~1.EXE
d:\program files\iPod\bin\iPodService.exe
d:\windows\System32\wbem\wmiprvse.exe
d:\windows\system32\rundll32.exe
.
**************************************************************************
.
Celkový čas: 2010-04-07 16:52:29 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-07 14:52
ComboFix2.txt 2010-04-07 11:41

Před spuštěním: Volných bajtů: 28 901 634 048
Po spuštění: Volných bajtů: 28 778 852 352

Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 34BE5BBBD008278A074B8F1AB549048F

Mohu zapnout av? nebo co ted? Zatim to už 10minut jede jak má... zatím

Stáhněte MBAM http://www.viry.cz/forum/viewtopic.php?f=29&t=67229

• Podle návodu v odkazu nainstalujte, poté dejte úplný sken.
• Nic nemažte MBAM má občas falešné detekce a mohl by smazat např. systémové soubory.
• Log vložte sem.

Oki, už uplne skenuji

Už to skenuje 45minut a jeste neni D hotov a dalsi hdd nasleduji mam jich tam vice
Budu muset na hodku a pul odejit, pokud to do 10 minut nedoleze, tak to postu po 7h.

V pořádku

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Verze databáze: 3964

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

7.4.2010 20:05:16
mbam-log-2010-04-07 (20-05-16).txt

Typ skenu: Úplný sken (C:\|D:\|E:\|F:\|G:\|K:\|M:\|)
Skenované objekty: 513080
Uplynulý čas: 1 hodina(y), 48 minuta(y), 58 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 25

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
D:\Program Files\DAEMON Tools\SetupDTSB.exe (Adware.WhenU) -> No action taken.
D:\Program Files\Kooperativa\Kolumbus2006\Zalohovac.exe (Trojan.Downloader) -> No action taken.
D:\Program Files\Kooperativa\Malaga\Zalohovac.exe (Trojan.Downloader) -> No action taken.
D:\Program Files\Kooperativa\ObsVerze\nastav\ObsUklid.exe (Trojan.Downloader) -> No action taken.
D:\Program Files\Kooperativa\Ordinace\Zalohovac.exe (Trojan.Downloader) -> No action taken.
D:\Program Files\Kooperativa\Oz7\Zalohovac.exe (Trojan.Downloader) -> No action taken.
D:\Program Files\Kooperativa\StartPlus\Zalohovac.exe (Trojan.Downloader) -> No action taken.
D:\Program Files\Kooperativa\Trend\Zalohovac.exe (Trojan.Downloader) -> No action taken.
D:\Program Files\Kooperativa\Trend07\Zalohovac.exe (Trojan.Downloader) -> No action taken.
G:\Dokumenty\Blbiny\Flash\samopal.exe (Joke.Winshoot) -> No action taken.
G:\Dokumenty\Blbiny\Woknows\windows.exe (Application.Badjoke) -> No action taken.
G:\NB\Dokumenty\Blbiny\Flash\samopal.exe (Joke.Winshoot) -> No action taken.
G:\NB\Soft\keyfinder.exe (Application.FindKey) -> No action taken.
G:\NB\Soft\UPXP\RockXP4.exe (Spyware.Passwords) -> No action taken.
G:\NB\Soft\Vegas\Vegas6_DVDarchitekt_CZ\keygen.exe (Trojan.Downloader) -> No action taken.
K:\Soft\UPXP\RockXP4.exe (Spyware.Passwords) -> No action taken.
K:\Soft\Vegas\Vegas6_DVDarchitekt_CZ\keygen.exe (Trojan.Downloader) -> No action taken.
K:\UPXP\RockXP4.exe (Spyware.Passwords) -> No action taken.
M:\back up\Dokumenty\Blbiny\Flash\samopal.exe (Joke.Winshoot) -> No action taken.
M:\back up\NB\Dokumenty\Blbiny\Flash\samopal.exe (Joke.Winshoot) -> No action taken.
M:\NB\Dokumenty\Blbiny\Flash\samopal.exe (Joke.Winshoot) -> No action taken.
M:\NB\Soft\UPXP\RockXP4.exe (Spyware.Passwords) -> No action taken.
M:\NB\Soft\Vegas\Vegas6_DVDarchitekt_CZ\keygen.exe (Trojan.Downloader) -> No action taken.
M:\Dokumenty\PC\RemoveWGA.exe (HackTool.RemoveWGA) -> No action taken.
D:\Documents and Settings\Zdenek.ZDENEK-JG362RMG\Data aplikací\avdrn.dat (Malware.Trace) -> No action taken.

Vše, co našel MBAM smažte. Pokud víte, že je nějaký soubor na 100% v pořádku, tak ho vynechte. Poté dejte nový log z MBAM.

ok skenovalo to pres hodinu mam dat zase komplet skan?

Dejte mi sem log, co MBAM smazal.

Tak ale musim pockat až to dokonce ne? Nebo bez skanovani? Dal jsem komplet už to bezi 35min. Mam to ukoncit?

Neukončujte, nechte to doběhnout.

Tak dalsi sken Nechal jsem soubory o kterych vím že jsou v poradku.
Mohu zapnout Avast?
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Verze databáze: 3964

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

7.4.2010 22:36:44
mbam-log-2010-04-07 (22-36-44).txt

Typ skenu: Úplný sken (C:\|D:\|E:\|F:\|G:\|K:\|M:\|)
Skenované objekty: 513227
Uplynulý čas: 1 hodina(y), 53 minuta(y), 10 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 20

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
D:\Program Files\Kooperativa\Kolumbus2006\Zalohovac.exe (Trojan.Downloader) -> No action taken.
D:\Program Files\Kooperativa\Malaga\Zalohovac.exe (Trojan.Downloader) -> No action taken.
D:\Program Files\Kooperativa\ObsVerze\nastav\ObsUklid.exe (Trojan.Downloader) -> No action taken.
D:\Program Files\Kooperativa\Ordinace\Zalohovac.exe (Trojan.Downloader) -> No action taken.
D:\Program Files\Kooperativa\Oz7\Zalohovac.exe (Trojan.Downloader) -> No action taken.
D:\Program Files\Kooperativa\StartPlus\Zalohovac.exe (Trojan.Downloader) -> No action taken.
D:\Program Files\Kooperativa\Trend\Zalohovac.exe (Trojan.Downloader) -> No action taken.
D:\Program Files\Kooperativa\Trend07\Zalohovac.exe (Trojan.Downloader) -> No action taken.
D:\System Volume Information\_restore{69F89B49-EA8B-47BF-A868-FDBE43E853DD}\RP990\A0266170.exe (Adware.WhenU) -> No action taken.
G:\NB\Soft\Vegas\Vegas6_DVDarchitekt_CZ\keygen.exe (Trojan.Downloader) -> No action taken.
G:\System Volume Information\_restore{69F89B49-EA8B-47BF-A868-FDBE43E853DD}\RP990\A0266171.exe (Joke.Winshoot) -> No action taken.
G:\System Volume Information\_restore{69F89B49-EA8B-47BF-A868-FDBE43E853DD}\RP990\A0266173.exe (Joke.Winshoot) -> No action taken.
K:\Soft\Vegas\Vegas6_DVDarchitekt_CZ\keygen.exe (Trojan.Downloader) -> No action taken.
K:\System Volume Information\_restore{69F89B49-EA8B-47BF-A868-FDBE43E853DD}\RP990\A0266176.exe (Spyware.Passwords) -> No action taken.
K:\System Volume Information\_restore{69F89B49-EA8B-47BF-A868-FDBE43E853DD}\RP990\A0266177.exe (Spyware.Passwords) -> No action taken.
M:\NB\Soft\Vegas\Vegas6_DVDarchitekt_CZ\keygen.exe (Trojan.Downloader) -> No action taken.
M:\System Volume Information\_restore{69F89B49-EA8B-47BF-A868-FDBE43E853DD}\RP990\A0266178.exe (Joke.Winshoot) -> No action taken.
M:\System Volume Information\_restore{69F89B49-EA8B-47BF-A868-FDBE43E853DD}\RP990\A0266179.exe (Joke.Winshoot) -> No action taken.
M:\System Volume Information\_restore{69F89B49-EA8B-47BF-A868-FDBE43E853DD}\RP990\A0266180.exe (Joke.Winshoot) -> No action taken.
M:\Dokumenty\PC\RemoveWGA.exe (HackTool.RemoveWGA) -> No action taken.

Tak koukam že to system volume information tam pribylo... jinak vse ok.

Vše, krom následujících položek smažte a napište stav PC.

D:\Program Files\Kooperativa\Kolumbus2006\Zalohovac.exe (Trojan.Downloader) -> No action taken.
D:\Program Files\Kooperativa\Malaga\Zalohovac.exe (Trojan.Downloader) -> No action taken.
D:\Program Files\Kooperativa\ObsVerze\nastav\ObsUklid.exe (Trojan.Downloader) -> No action taken.
D:\Program Files\Kooperativa\Ordinace\Zalohovac.exe (Trojan.Downloader) -> No action taken.
D:\Program Files\Kooperativa\Oz7\Zalohovac.exe (Trojan.Downloader) -> No action taken.
D:\Program Files\Kooperativa\StartPlus\Zalohovac.exe (Trojan.Downloader) -> No action taken.
D:\Program Files\Kooperativa\Trend\Zalohovac.exe (Trojan.Downloader) -> No action taken.
D:\Program Files\Kooperativa\Trend07\Zalohovac.exe (Trojan.Downloader) -> No action taken.